Posts

The Future of Regulation in the Perma-Cyber-Infowar

/137 Comments/in , /by

[NB: Check the byline, thanks! /~Rayne]

Looks like we could use an open thread to discuss all the stuff not directly related to the Trump-Russia investigation.

I do want to toss out a topic we should visit given the transition of power in the House from one political party to another and the sea change over the last several years in public awareness about information security.

Most regular readers here have been aware of the dynamic tension between civil liberties and national security, individuals’ rights to privacy and autonomy too frequently falling victim to the state’s efforts to surveil and control.

This site has wrestled with the threats to privacy and security posed by hardware (like cell phones and servers) and software (like vulnerabilities, ransomware, cyberweapons).

But how do we address the threats social media and other information platforms pose? Can we really ignore that Facebook has been weaponized against its country of origin let alone other host nations from the U.K. to Myanmar? Does Sen. Elizabeth Warren’s proposal to break up the largest social media platforms and label them ‘platform utilities’ under a new regulatory structure adequately address users’ privacy rights, information security, and national security?

How far should we push for disclosure of proprietary intellectual property like the platforms’ algorithms? How do we regulate the operation of these without jeopardizing their viability?

Do we need a mandatory ethical standard to which startups must build and existing platforms must comply? Facebook’s iffy interpretation of user consent to use in academic research, for example, was key to its weaponization. What regulatory standard would have prevented the abuse of users’ trust and their data?

Does the likely permanence of cyber warfare as well as information warfare require more or less than Warren has proposed?

Hash it out here in comments. Bring all the stray dog-and-cat issues as well.

Unwinding a Multithreaded Beast

/100 Comments/in , /by

This is more than the usual caveat asking readers to note the byline on this post. I’m not the expert at this site on the investigations by Special Counsel’s Office or any other law enforcement body — for that see Marcy’s or bmaz’s posts and comments.

However I spend a lot of time on information technology, which is how I ended up reading a report on internet-mediated information warfare.

Last year the Senate Select Committee on Intelligence held a hearing about Foreign Influence on Social Media. One of the commissioned and invited research organizations was New Knowledge (NK), a cybersecurity/information integrity consultancy. NK’s director of research delivered prepared remarks and a whitepaper providing an overview of Russia’s influence operations and information warfare program.

The paper is a peppy read; it will little surprise those who have followed the Trump-Russia investigation and the role social media played in the 2016 election. But there are still bits which are intriguing — more so months after the paper was first delivered,  in light of long-time ratfucker Roger Stone’s indictment this past week.

Note these two excerpts from the report:

There wasn’t a link in the indictment last year of the Russian Internet Research Agency personnel with Stone’s indictment. The IRA charges don’t overlap with Stone’s at all (count numbers from indictments in paren.).

Stone:
(1) Obstruction of Proceeding
(2-6) False Statements
(7) Witness Tampering

IRA:
(1) Conspiracy (to gain unauthorized access, hack and steal information)
(1) Wire Fraud Conspiracy
(3-7) Wire Fraud
(8,9) Aggravated Identity Theft
(10) Conspiracy Commit to Money Laundering

But Stone’s indictment reveals an interesting overlap of threads between Stone’s efforts on behalf of the Trump campaign and the information warfare operation the IRA conducted in 2016.

Why was the IRA propelling content to fluff Assange’s credibility in the days before the release of the hacked emails Stone was trying to manage? This is a rather odd service to offer as a tenth anniversary gift to a so-called journalism outlet which should be able to point to its achievements on its own.

The IRA wasn’t alone in its Assange cred-fluffing. What a coincidence the UK tabloid DailyMail also touted Assange’s ability to affect Clinton’s campaign with a release of hacked emails — and at nearly the same time the IRA was pumping up Assange’s image.

How odd this DailyMail piece was pegged to Wikileaks’ anniversary, but the headline on the article and subhead treat the anniversary as an afterthought compared to the hacked emails and their effect on the Clinton campaign.

It doesn’t look like social media alone manipulated public perception, or that manipulation was confined to U.S. media.

Perhaps these two threads — the IRA’s influence operation/information warfare and Stone’s hacked email ratfucking — weren’t directed by a common entity. The public may not know depending on the course of SCO’s criminal and counterintelligence investigations and what information is released. But they certainly sewed toward the same outcome.